<?php
/**
 * Copyright 2011  SURFfoundation
 * 
 * This file is part of ESCAPE.
 * 
 * ESCAPE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * ESCAPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with ESCAPE.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * For more information:
 * http://escapesurf.wordpress.com/
 * http://www.surffoundation.nl/
 * 
 * Contact: d.vierkant@utwente.nl
 * 
 * @license http://www.gnu.org/licenses/gpl.html GNU GPLv3
 */
?>
<?php
/**
 * Delete
 * 
 * Delete an object.
 */
class escape_repositoryui_action_Delete extends escape_repositoryui_Action
{
	public function handleRequest()
	{
		/* @var $repository escape_repository_Repository */
		$repository =& $this->requestAttributes['repository'];
		/* @var $repositoryUi escape_repositoryui_RepositoryUi */
		$repositoryUi =& $this->requestAttributes['repositoryUi'];
		
		// fetch the ID from the request
		$objectId = $_REQUEST['actionValue'];
		$objectUri = $repository->convertDataObjectIdToObjectUri($objectId);
		
		// fetch the object
		try {
			$oreObject = $repository->getOreObjectByUri($objectUri);
		}
		catch(Exception $exception)
		{
			$repositoryUi->displayErrorPage($exception->getMessage());
			return null;
		}
		$isAggregation = $oreObject instanceof escape_repository_OreAggregation;
		$aggregation = $oreObject->getAggregation();
		
		$this->requestAttributes['isAggregation'] = $isAggregation;
		
		$this->requestAttributes['oreObject'] =& $oreObject;
		$this->requestAttributes['aggregation'] =& $aggregation;
		
		// compose a return URL
		if($isAggregation)
		{
			$returnUrl = $repository->config['server_url'] . $repositoryUi->getActionLinkById('me');
		}
		else
		{
			$returnUrl = $repository->config['server_url'] . $repositoryUi->getActionLinkById('show', $aggregation->getId());
		}
	
		if(isset($_REQUEST['return_url']))
		{
			$returnUrl = $_REQUEST['return_url'];
		}
		
		$this->requestAttributes['returnUrl'] = $returnUrl;
		
		// check if the user is authorized to delete this object
		$user = $repositoryUi->getUser();
		$userIsAuthorized = false;
		if($user)
		{
			$userUri = $user->getUri();
			$userIsAdministrator = $user->hasSystemRole(escape_repository_User::$role_administrator);
			
			if($isAggregation)
			{
				if($userIsAdministrator || $aggregation->hasOwner($userUri))
				{
					$userIsAuthorized = true;
				}
			}
			else
			{
				if($userIsAdministrator || $aggregation->hasEditor($userUri) || $aggregation->hasOwner($userUri))
				{
					$userIsAuthorized = true;
				}
			}
		}
	
		if(!$userIsAuthorized)
		{
			// user is not authorized to edit this resource, redirect to login page
			$repositoryUi->redirectToLoginForAction($this->requestAttributes['actionName'], $objectId);
			return null;
		}
		
		// check if the user confirmed the delete action
		$deleteConfirmed = false;
		if(isset($_POST['delete_confirm']) && $_POST['delete_confirm'] == '1')
		{
			$deleteConfirmed = true;
		}
		
		$isRedirect = false;
		if($deleteConfirmed)
		{
			// delete the object
			$oreObject->delete();
			
			$isRedirect = true;
		}
		
		if(!$isRedirect)
		{
			return 'ObjectDeleteConfirm';
		}
		else
		{
			header("Location: " . $returnUrl);
			return null;
		}
	}
}